package com.effectivcrm;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

@Configuration
@EnableWebMvcSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

	@Override
	protected void configure(HttpSecurity http) throws Exception {
		
		http.csrf().disable();
		http.authorizeRequests().antMatchers("/api/**").permitAll();
		http.authorizeRequests().antMatchers("/webjars/**", "/signin", "/about").permitAll();
		http.authorizeRequests().antMatchers("/lead/**").hasAnyRole("CRM_USER","CRM_ADMIN","CRM_SU");
		http.authorizeRequests().antMatchers("/").hasAnyRole("CRM_USER","CRM_ADMIN","CRM_SU");
		
		
		http.formLogin()
				.passwordParameter("password").usernameParameter("username")
				.loginProcessingUrl("/authenticate")
				.failureUrl("/signin?error=SEC-0001").defaultSuccessUrl("/lead/list")
				.loginPage("/signin").permitAll().and().logout()
				.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
				.logoutSuccessUrl("/signin").permitAll();
	}

	@Override
	protected void configure(AuthenticationManagerBuilder auth)
			throws Exception {
		auth.inMemoryAuthentication().withUser("user").password("user")
				.roles("CRM_USER");
	}
}
